<?php
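session_start();
// NOTE(review): config.inc presumably defines DB_HOST, DB_USER, DB_PASSWORD and
// DB_DATABASE. If the inc/ directory is reachable over HTTP and the web server
// does not execute ".inc" files as PHP, the file would be served as plain text
// together with the database credentials - confirm that access to it is denied.
include('../inc/config.inc');

	// Messages collected while validating the form; handed to the sign-up page
	// through the session when validation fails.
	$errmsg_arr = array();

	// Becomes true as soon as one validation rule fails.
	$errflag = false;

	// Open the database connection. The mysql_* extension used here was deprecated
	// in PHP 5.5 and removed in PHP 7.0, so this script only runs on PHP 5.
	$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
	if(!$link) {
		// Driver error text can reveal host names and account names: keep it in the
		// server log and show the visitor a generic message only.
		error_log('signup: database connection failed: ' . mysql_error());
		die('Failed to connect to server');
	}

	// Select the schema that holds the user tables.
	$db = mysql_select_db(DB_DATABASE);
	if(!$db) {
		error_log('signup: unable to select database: ' . mysql_error());
		die('Unable to select database');
	}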
	
	/**
	 * Prepare a submitted form value for use inside a quoted SQL string literal.
	 *
	 * The value is trimmed, backslashes added by magic_quotes_gpc are removed when
	 * that setting is on, and the result is escaped with mysql_real_escape_string().
	 *
	 * Escaping only protects a value that the query places between quotes. A value
	 * interpolated into a statement without quotes, or not passed through this
	 * function at all, remains injectable. mysql_real_escape_string() works against
	 * the most recently opened connection and its character set, so a connection
	 * must already exist when this is called.
	 *
	 * The returned string is SQL-escaped, not neutral: it is not safe to echo into
	 * HTML and it differs from the user's input wherever a character was escaped.
	 *
	 * @param mixed $str Raw value taken from the request.
	 * @return string Escaped value ready to be wrapped in quotes in an SQL statement.
	 */
	function clean($str) {
		// The @ silences the warning trim() raises for non-string input such as arrays.
		$value = @trim($str);

		// With magic_quotes_gpc on, PHP has already put a backslash in front of
		// quotes, backslashes and NUL bytes in GET/POST/cookie data. Undo that first
		// so the value is not escaped twice.
		$value = get_magic_quotes_gpc() ? stripslashes($value) : $value;

		return mysql_real_escape_string($value);
	}
	
	
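	// Read the submitted fields. Every value that is later placed inside a quoted
	// SQL literal goes through clean(), including firstname, lastname and role,
	// which used to be concatenated into the INSERT straight from $_POST. Absent
	// fields are treated as empty strings instead of raising undefined-index notices.
	$email     = clean(isset($_POST['email']) ? $_POST['email'] : '');
	$pass      = clean(isset($_POST['pass']) ? $_POST['pass'] : '');
	$confPass  = clean(isset($_POST['confPass']) ? $_POST['confPass'] : '');
	$firstname = clean(isset($_POST['firstname']) ? $_POST['firstname'] : '');
	$lastname  = clean(isset($_POST['lastname']) ? $_POST['lastname'] : '');
	$role      = clean(isset($_POST['role']) ? $_POST['role'] : '');

	// Unescaped copy of the role, used only for the redirect URL and URL-encoded there.
	$roleParam = (isset($_POST['role']) && is_string($_POST['role'])) ? $_POST['role'] : '';

	// NOTE(review): the role is chosen by the client and stored as submitted. If any
	// role carries extra privileges, restrict it here to an allow-list of roles a
	// visitor may assign to themselves - confirm against the roles the site defines.

	// Confirmation code mailed to the user and later presented to confirm_user.php.
	// It acts as a bearer secret for activating the account, so it must not be
	// derivable from the e-mail address or from a guessable rand() value.
	// Assumes confirm_user.php treats the code as an opaque string - TODO confirm.
	$confirm_code = '';
	if (function_exists('openssl_random_pseudo_bytes')) {
		$isStrong = false;
		$randomBytes = openssl_random_pseudo_bytes(16, $isStrong);
		if ($randomBytes !== false && $isStrong) {
			// 32 hex characters: never longer than a value the old scheme produced,
			// so it fits any column that held the old codes.
			$confirm_code = bin2hex($randomBytes);
		}
	}
	if ($confirm_code === '') {
		// Legacy fallback, kept so sign-up still works without the OpenSSL extension.
		// md5($email) is known to anyone who knows the address and rand() is not a
		// cryptographic generator, so this value is guessable; the log entry makes
		// the degraded mode visible to operators.
		error_log('signup: no strong random source available, using legacy confirmation code');
		$confirm_code = md5($email) . rand();
	}

	// Input validation
	if($email == '') {
		$errmsg_arr[] = 'Email Address missing';
		$errflag = true;
	}
	elseif(filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
		// The address is used below as the mail() recipient. The check runs on the
		// escaped value, which equals the trimmed input unless clean() had to
		// escape a character in it.
		$errmsg_arr[] = 'Email Address is not valid';
		$errflag = true;
	}
	if($pass == '') {
		$errmsg_arr[] = 'Password missing';
		$errflag = true;
	}
	if($confPass == '') {
		$errmsg_arr[] = 'Confirm password missing';
		$errflag = true;
	}
	if( strcmp($pass, $confPass) != 0 ) {
		$errmsg_arr[] = 'Passwords do not match';
		$errflag = true;
	}

	// Reject an address that already belongs to a registered user.
	if($email != '') {
		$qry = "SELECT * FROM users WHERE email_id='$email'";
		$result = mysql_query($qry);
		if($result) {
			if(mysql_num_rows($result) > 0) {
				$errmsg_arr[] = 'You are already registered, please <a href="login.php">login</a>.';
				$errflag = true;
			}
			// Release the result set; the original comment announced this but made no call.
			mysql_free_result($result);
		}
		else {
			// Fail closed: without the duplicate check the registration must not
			// proceed. Driver details go to the server log, not to the browser
			// (echoing them would also break the header() redirects below).
			error_log('signup: duplicate check failed: ' . mysql_error());
			$errmsg_arr[] = 'Registration is temporarily unavailable, please try again later.';
			$errflag = true;
		}
	}

	// On any validation error, send the visitor back to the registration form.
	if($errflag) {
		$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
		// Write session data and end the session before redirecting.
		session_write_close();
		// The role comes from the request, so encode it before it enters the URL.
		header('Location:../signup.php?role=' . urlencode($roleParam));
		exit();
	}

	// NOTE(review): the password is stored as an unsalted MD5 digest, which is fast
	// to brute-force if the table leaks. The digest is also computed over the value
	// returned by clean(), so passwords containing quotes or backslashes are hashed
	// in escaped form. Both are left unchanged because the login and confirmation
	// scripts presumably compare against this exact format; migrating to
	// password_hash()/password_verify() has to be done in those scripts together.
	$passHash = md5($pass);

	// Store the pending registration. Every interpolated value is either generated
	// above or has passed through clean().
	$qry = "INSERT INTO tw_temp_members VALUES(null,'$confirm_code','$email','$passHash','$firstname','$lastname','$role')";
	$result = @mysql_query($qry);

	// If the row was stored, mail the confirmation link to the new user.
	if($result) {
		// Recipient
		$to = $email;

		// Subject
		$subject = "TECHWORKS - Your confirmation link here";

		// Sender header
		$header = "From: info@technation.af";

		// Message body.
		// NOTE(review): the link uses plain http, so the confirmation code travels
		// unencrypted when it is opened; use https if the host serves TLS - confirm.
		$message = "Your Comfirmation link \r\n";
		$message .= "Click on this link to activate your account \r\n";
		$message .= "http://works.technation.af/execute/confirm_user.php?confirm_code=$confirm_code";

		// Hand the message to the mail system; record a failure instead of ignoring it.
		$sentmail = mail($to, $subject, $message, $header);
		if(!$sentmail) {
			error_log('signup: confirmation mail was not accepted for delivery');
		}
		header("location: ../login.php?signup=success");
		exit();
	}
	else {
		// Keep driver error text out of the response; it can expose schema details.
		error_log('signup: insert into tw_temp_members failed: ' . mysql_error());
		echo 'Registration could not be completed, please try again later.';
	}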

?>